From 085418cb53baa1ebd97b2fa395a62120aa55b7a9 Mon Sep 17 00:00:00 2001
From: lingsheng <860373352@qq.com>
Date: Mon, 25 Aug 2025 10:35:01 +0800
Subject: [PATCH] fix CVE-2025-9165

(cherry picked from commit 482f66aba8a89b8cfbce1d536e170f7477ae2146)
---
 backport-CVE-2025-9165.patch | 31 +++++++++++++++++++++++++++++++
 libtiff.spec                 |  6 +++++-
 2 files changed, 36 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2025-9165.patch

diff --git a/backport-CVE-2025-9165.patch b/backport-CVE-2025-9165.patch
new file mode 100644
index 0000000..dc777d6
--- /dev/null
+++ b/backport-CVE-2025-9165.patch
@@ -0,0 +1,31 @@
+From ed141286a37f6e5ddafb5069347ff5d587e7a4e0 Mon Sep 17 00:00:00 2001
+From: Su_Laus <sulau@freenet.de>
+Date: Fri, 8 Aug 2025 21:35:30 +0200
+Subject: [PATCH] tiffcmp: fix memory leak when second file cannot be opened.
+
+Closes #728, #729
+
+Reference:https://gitlab.com/libtiff/libtiff/-/commit/ed141286a37f6e5ddafb5069347ff5d587e7a4e0
+Conflict:Adapt context
+---
+ tools/tiffcmp.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/tools/tiffcmp.c b/tools/tiffcmp.c
+index 2a35fe6..f812c7d 100644
+--- a/tools/tiffcmp.c
++++ b/tools/tiffcmp.c
+@@ -103,7 +103,10 @@ main(int argc, char* argv[])
+ 		return (2);
+ 	tif2 = TIFFOpen(argv[optind+1], "r");
+ 	if (tif2 == NULL)
++	{
++		TIFFClose(tif1);
+ 		return (2);
++	}
+ 	dirnum = 0;
+ 	while (tiffcmp(tif1, tif2)) {
+ 		if (!TIFFReadDirectory(tif1)) {
+-- 
+2.33.0
+
diff --git a/libtiff.spec b/libtiff.spec
index 7a77eee..fbcf09b 100644
--- a/libtiff.spec
+++ b/libtiff.spec
@@ -1,6 +1,6 @@
 Name:           libtiff
 Version:        4.3.0
-Release:        42
+Release:        43
 Summary:        TIFF Library and Utilities
 License:        libtiff
 URL:            https://www.simplesystems.org/libtiff/
@@ -58,6 +58,7 @@ Patch6048:      backport-CVE-2024-13978.patch
 Patch6049:      backport-0001-CVE-2025-8534.patch
 Patch6050:      backport-0002-CVE-2025-8534.patch
 Patch6051:      backport-CVE-2025-8851.patch
+Patch6052:      backport-CVE-2025-9165.patch
 
 Patch9000:      fix-raw2tiff-floating-point-exception.patch
 
@@ -180,6 +181,9 @@ find html -name 'Makefile*' | xargs rm
 %exclude %{_datadir}/html/man/tiffgt.1.html
 
 %changelog
+* Mon Aug 25 2025 lingsheng <lingsheng1@h-partners.com> - 4.3.0-43
+- fix CVE-2025-9165
+
 * Tue Aug 12 2025 lingsheng <lingsheng1@h-partners.com> - 4.3.0-42
 - fix CVE-2025-8851
 
-- 
Gitee